By Ed Skoudis and Josh Wright
Josh Wright and I were working on a project recently which involved a target machine with a really restricted shell environment. I'm not talking about a mere rbash with some limits on the executables we could access, but instead a shell so restricted we could not run any binaries at all, save for the shell itself. No ls, no cat, no netcat; we could access very little. It was some sort of ghastly chroot specter.
Still, Josh and I wanted to explore the target machine as much as we could given these shell restrictions. Of course we could have tried escaping our restricted shell (as Doug Stilwell describes in more detail here) and even doing privilege escalation, but before that, we wanted to just look around. Thankfully, we had many shell built-in capabilities we could rely on.
For the uninitiated, shell built-ins are
By Jeff McJunkin
Ladies. Gentlemen. Tim Medin. May I have your attention please? I'm excited to say that the time to select our SANS Brochure Challenge winners has come! If you'll remember, we started this challenge back in late July and we did something very new - we made the challenge start from within the pages of the actual SANS brochures!
We had some FABULOUS write-ups submitted, and we'd like to thank everyone who took part in the challenge. I was happily surprised to see participants using so many ways to approach the pieces of the challenge. Many folk found even easier ways than what was intended!
So, without delaying any further, I'd like to introduce our categories and winners...
For the best technical write-up, after long consideration between the Counter Hack judges, we'd like to award Dave Lassalle with
Over the past couple of weeks, we've been running the SANS Pen Test Hackfest Twitter Contest. I'm delighted to announce the winner. The contest was simple and fun -- just submit a picture of yourself via Twitter with SANS coins, SANS books, or other SANS shwag, and we'll choose a winner at random. We've had some great entries... you guys are a creative group! If you want to see them all, just do a Twitter search for the hashtag #SANSHackfest.
The winner will receive free entry to the 2-Day Summit associated with our November 13 through 20 Pen Test Hackfest training event in Washington DC. We throw everything we've got into this extra special event, including:
- Two days of amazing, in-depth talks by leading minds of the industry, including the authors of some of the best pen test tools on the planet, including SET,
We're delighted to announce a new Twitter-based contest here with a fantastic prize. And, participating in this one is really easy. Check it out.
On November 13 through 20, SANS will be running our second annual Pen Test Hackfest training event in Washington DC. We throw everything we've got into this extra special event, including:
Here's some fun news. SANS just released a new kind of challenge — one that unfolds from the pages of a SANS brochure itself. Created by Jeff McJunkin and a group of challenge-writing collaborators, we launched it this week with the mailing of the SANS Network Security brochure for the upcoming conference in Las Vegas in October 2014. This challenge will take you across many domains of knowledge, including (but not limited to!): infosec fundamentals, pen testing, digital forensics, steganography, social media, mobile devices, and much, much more, all wrapped up in some geeky fun!
You'll enjoy all these areas and more from the comfort of your brochure (paper or pdf) and local computer, along with everyone's favorite global network, the Internet itself. You'll be able to advance all the way through this challenge from anywhere in the world. If